package com.kyle.silverbullet.client.config;

import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;

/**
 * @author Joe Grandja
 */
@Profile("prod")
@EnableWebSecurity
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .mvcMatcher("/api/**")
                .authorizeRequests(config -> {
                    config
//                            .mvcMatchers("/api/**").access("hasAuthority('SCOPE_blogxsecurity')")
                            .antMatchers("/api/**").hasAuthority("SCOPE_blogxsecurity")
                            .anyRequest().permitAll();
                })
                .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
    }
}